ODIN: Obfuscation-based privacy-preserving consensus algorithm for Decentralized Information fusion in smart device Networks

The large spread of sensors and smart devices in urban infrastructures are motivating research in the area of the Internet of Things (IoT) to develop new services and improve citizens’ quality of life. Sensors and smart devices generate large amounts of measurement data from sensing the environment, which is used to enable services such as control of power consumption or traffic density. To deal with such a large amount of information and provide accurate measurements, service providers can adopt information fusion, which given the decentralized nature of urban deployments can be performed by means of consensus algorithms. These algorithms allow distributed agents to (iteratively) compute linear functions on the exchanged data, and take decisions based on the outcome, without the need for the support of a central entity. However, the use of consensus algorithms raises several security concerns, especially when private or security critical information is involved in the computation. In this article we propose ODIN, a novel algorithm allowing information fusion over encrypted data. ODIN is a privacy-preserving extension of the popular consensus gossip algorithm, which prevents distributed agents from having direct access to the data while they iteratively reach consensus; agents cannot access even the final consensus value but can only retrieve partial information (e.g., a binary decision). ODIN uses efficient additive obfuscation and proxy re-encryption during the update steps and garbled circuits to make final decisions on the obfuscated consensus. We discuss the security of our proposal and show its practicability and efficiency on real-world resource-constrained devices, developing a prototype implementation for Raspberry Pi devices

ODIN: Obfuscation-based privacy-preserving consensus algorithm for Decentralized Information fusion in smart device Networks

The large spread of sensors and smart devices in urban infrastructures are motivating research in the area of the Internet of Things (IoT) to develop new services and improve citizens’ quality of life. Sensors and smart devices generate large amounts of measurement data from sensing the environment, which is used to enable services such as control of power consumption or traffic density. To deal with such a large amount of information and provide accurate measurements, service providers can adopt information fusion, which given the decentralized nature of urban deployments can be performed by means of consensus algorithms. These algorithms allow distributed agents to (iteratively) compute linear functions on the exchanged data, and take decisions based on the outcome, without the need for the support of a central entity. However, the use of consensus algorithms raises several security concerns, especially when private or security critical information is involved in the computation. In this article we propose ODIN, a novel algorithm allowing information fusion over encrypted data. ODIN is a privacy-preserving extension of the popular consensus gossip algorithm, which prevents distributed agents from having direct access to the data while they iteratively reach consensus; agents cannot access even the final consensus value but can only retrieve partial information (e.g., a binary decision). ODIN uses efficient additive obfuscation and proxy re-encryption during the update steps and garbled circuits to make final decisions on the obfuscated consensus. We discuss the security of our proposal and show its practicability and efficiency on real-world resource-constrained devices, developing a prototype implementation for Raspberry Pi devices

LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks

Software Defined Networking (SDN) is a new networking architecture which aims to provide better decoupling between network control (control plane) and data forwarding functionalities (data plane). This separation introduces several benefits, such as a directly programmable and (virtually) centralized network control. However, researchers showed that the required communication channel between the control and data plane of SDN creates a potential bottleneck in the system, introducing new vulnerabilities. Indeed, this behavior could be exploited to mount powerful attacks, such as the control plane saturation attack, that can severely hinder the performance of the whole network. In this paper we present LineSwitch, an efficient and effective solution against control plane saturation attack. LineSwitch combines SYN proxy techniques and probabilistic blacklisting of network traffic. We implemented LineSwitch as an extension of OpenFlow, the current reference implementation of SDN, and evaluate our solution considering different traffic scenarios (with and without attack). The results of our preliminary experiments confirm that, compared to the state-of-the-art, LineSwitch reduces the time overhead up to 30%, while ensuring the same level of protection.Comment: In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015). To appea

PADS: Practical Attestation for Highly Dynamic Swarm Topologies

Remote attestation protocols are widely used to detect device configuration (e.g., software and/or data) compromise in Internet of Things (IoT) scenarios. Unfortunately, the performances of such protocols are unsatisfactory when dealing with thousands of smart devices. Recently, researchers are focusing on addressing this limitation. The approach is to run attestation in a collective way, with the goal of reducing computation and communication. Despite these advances, current solutions for attestation are still unsatisfactory because of their complex management and strict assumptions concerning the topology (e.g., being time invariant or maintaining a fixed topology). In this paper, we propose PADS, a secure, efficient, and practical protocol for attesting potentially large networks of smart devices with unstructured or dynamic topologies. PADS builds upon the recent concept of non-interactive attestation, by reducing the collective attestation problem into a minimum consensus one. We compare PADS with a state-of-the art collective attestation protocol and validate it by using realistic simulations that show practicality and efficiency. The results confirm the suitability of PADS for low-end devices, and highly unstructured networks.Comment: Submitted to ESORICS 201

Secure and Scalable Services for the Internet of Things

The Internet of Things (IoT) paradigm is gradually populating the world with billions of interconnected smart devices, which are rapidly spreading in different domains. These devices range from tiny wearables to larger interconnected industrial devices, and are used for very different purposes, e.g., building automation, physical access control, or healthcare. As IoT is penetrating in every domain of our life, and in particular in safety and privacy critical domains such as automotive or healthcare, security and privacy become extremely important concerns. This dissertation analyzes emerging security and privacy challenges in different IoT services, and presents targeted solutions to mitigate potential threats. The content of this thesis is composed of three main parts: (1) an introduction of the Attribute-Based Encryption (ABE) cryptographic tool, and an assessment of its performance on IoT devices; (2) the design of secure management solution services for large scale IoT deployments; and (3) the design of privacy-enhanced IoT services. The first part of this dissertation provides an introduction of ABE, and presents a comprehensive evaluation of its performance on popular low cost IoT-enabling boards. ABE is a novel and expressive cryptographic tool that allows a data owner to (cryptographically) enforce access control on a piece of data, specifying the required attributes to decrypt it. Thanks to its high-level and expressive set of functionalities, ABE has been used in several security enhancing IoT services in the literature, as well as in two solutions we later present in this thesis. Our evaluation aims at providing researchers and practitioners with a tool to estimate costs and trade-offs of using ABE in novel IoT solutions. The second part of this dissertation focuses on secure device management, and in particular looks at two fundamental management sub-tasks: software updates distribution for IoT devices, and software integrity assessment of large scale IoT deployments. We consider a scenario where a management entity communicates with a network of IoT devices through a (potentially untrusted) intermediate distribution infrastructure; such infrastructure provides in-network data aggregation and caching, to facilitate data collection (many-to-one) and distribution (one-to-many). In the realistic case where this intermediate infrastructure can be compromised, providing scalable and secure management becomes a challenging task: the management entity cannot rely on the intermediate network to correctly aggregate the data it collects; or to respect the confidentiality and integrity of the transmitted data. For this reason, we present our protocol for one-to-many software updates distribution, which provides both updates end-to-end integrity and confidentiality using ABE as a building block. We describe our design on top of the Named-Data Networking protocol, a data-centric network protocol that provides request aggregation and pervasive caching at the network level. Then, we present our secure collective attestation protocol, which allows to securely collect and aggregate attestation proofs from end devices, this way reducing the complexity of the assessment at the management server side, even in presence of an untrusted aggregation network. The third and final part of this dissertation presents privacy-enhancing solutions for three relevant IoT scenarios: Location-Based Services (LBS), Advanced Metering Infrastructure (AMI), and decentralized multi-agent systems. In a LBS, mobile users share their location with a LBS Provider (LBSP) in order to obtain location information, such as the position of the closest hospital, movie theater, etc. In this scenario, users' privacy may be at risk--LBSP can track or identify users based on their location. We present a collaborative solution for mobile users that guarantees users' anonymity in LBS, and that gives users flexibility in selecting the desired anonymity degree. Another privacy sensitive domain is AMI, an infrastructure in modern Smart Grids that allows a management entity to collect fine-grained measurements from Smart Meter devices. Unfortunately, metering data collection in an AMI may turn into a privacy nightmare for users: researchers showed how the detailed energy consumption data from private houses (collected by smart energy meters) can reveal privacy sensitive information, such as user physical presence, or even the appliances in use, at a given point in time. We propose a solution to tackle this problem, which provides anonymous and scalable metering data collection under realistic security assumptions. Finally, we look at privacy-preserving decentralized information fusion in a multi-agent system. In this scenario, interconnected IoT devices collaboratively combine multiple local measurements into a unique value without the need for them to share their local measurements in clear; the final goal is to derive a binary decision, e.g., if the final value is above or below a threshold. We propose the design of a privacy-preserving protocol for information fusion in a decentralized semi-trusted setting. Our protocol leverages additive blinding and proxy re-encryption as building blocks to privately reach a consensus, and garbled circuit to perform a binary decision step.Il paradigma Internet of Things (IoT) sta popolando il mondo di milioni di dispositivi "smart" interconnessi tra loro, e in continua espansione in domini diversi. I dispositivi IoT variano da oggetti di piccole dimensioni, come i cosiddetti "wearables", a dispositivi industriali, e sono utilizzati per scopi diversi, per esempio automazione di edifici, controllo di accesso, o in ambito sanitario. Dato il grado di diffusione di IoT in vari aspetti delle nostre vite, ed in particolare in ambienti critici, come nel settore automobilistico o nel campo sanitario, diviene fondamentale progettare sistemi e servizi che garantiscano la sicurezza e la privacy degli utenti. Questa tesi analizza problematiche relative a sicurezza e privacy in diversi servizi IoT, e presenta soluzioni ad-hoc per mitigare potenziali minacce. Il contenuto della tesi è suddiviso in tre parti: (1) una introduzione dell'algoritmo di crittografia Attribute-Based Encryption (ABE), e un'analisi delle sue performance su dispositivi IoT; (2) la progettazione di soluzioni scalabili e sicure per la gestione e il controllo di sistemi IoT su larga scala; e (3) la progettazione di servizi IoT "privacy-friendly'. La prima parte di questa tesi introduce ABE, e presenta una valutazione delle sue performance su popolari dispositivi a basso costo e con ridotte capacità di calcolo, tipici del mondo IoT. ABE è un algoritmo di crittografia a chiave pubblica che permette di applicare (crittograficamente) politiche di controllo di accessi sui dati, specificando gli "attributi" che un utente deve avere per decifrarli. Grazie alla sua espressività e alle sue funzionalità, ABE è stato utilizzato sia in molti servizi IoT proposti in letteratura, che in due soluzioni che verranno introdotte nella tesi. La nostra valutazione sperimentale ha come obiettivo quello fornire mezzi per stimare a priori il costo, ed eventuali trade-off, derivanti dall'utilizzo di ABE. La seconda parte della tesi si focalizza sulla gestione e il controllo di dispositivi IoT in sistemi di larghe dimensioni. In particolare, questa parte presenta il nostro contributo nella risoluzione di due sottoproblemi: la distribuzione sicura di aggiornamenti software, e la valutazione dell'integrità del software in esecuzione nei dispositivi. Consideriamo uno scenario dove un'entità di controllo comunica con una rete di dispositivi IoT di larghe dimensioni tramite una rete di distribuzione intermedia "inaffidabile"; questa infrastruttura intermedia applica tecniche di caching e aggregazione dati con lo scopo di facilitare la distribuzione di contenuti (uno-a-molti) e la raccolta di dati dai dispositivi (molti-a-uno). In scenari realistici, questa infrastruttura può essere compromessa e/o controllata da attaccanti, e ció rende le attività di gestione e controllo dei dispositivi particolarmente complesse: l'entità di controllo non può infatti affidarsi completamente all'infrastruttura intermedia, ne per quanto riguarda l'aggregazione, ne per il mantenimento della confidenzialità e l'integrità dei dati distribuiti. Per questo motivo, in questa parte della tesi descriviamo prima il nostro protocollo per la distribuzioni di aggiornamenti software, il quale mantenendone confidenzialità e integrità sfruttando ABE; il design del protocollo viene presentato sopra a Named-Data Networking, un protocollo di rete di tipo "data centric" che fornisce nativamente aggregazione dati e caching a livello rete. Presentiamo poi il design di un protocollo per la verifica collettiva di una rete di dispositivi IoT. Il protocollo prevede la raccolta e l'aggregazione di prove di integrità del software da dispositivi IoT, e garantisce allo stesso tempo una ridotta complessità di processing lato entità di controllo, e l'integrità delle prove raccolte. La terza e ultima parte della tesi presenta soluzioni che forniscono garanzie di privacy in tre importanti servizi legati a IoT, e in particolare in servizi basati su: localizzazione (Location-Based Services, LBS), misurazione avanzata in ambito Smart Grid (noti come Advanced Metering Infrastructure, AMI), e comunicazione decentralizzata in sistemi muli-agente. Nei servizi LBS, gli utenti mobili condividono la loro posizione geografica con dei provider, i quali forniscono informazioni legate ad essa, come ad esempio l'ospedale, ristorante, o cinema, più vicini alla posizione dell'utente. Servizi di questo tipo possono rappresentare una minaccia per la privacy degli utenti: un provider può infatti tracciare o acquisire informazioni sensibili sugli utenti, in base alla loro posizione. Per ovviare a questo problema, presentiamo un protocollo che permette agli utenti di usufruire di tali servizi mantenendo l'anonimato. Il protocollo presentato funziona in modo collaborativo, e permette agli utenti di inviare richieste definendo il grado di privacy desiderato. Il secondo servizio considerato è quello di misurazione avanzata (AMI) fornito dalle moderne reti Smart Grid. Questo servizio permette ai gestori di energia elettrica di raccogliere misurazioni frequenti del consumo elettrico da dispositivi intelligenti denominati Smart Meters, per motivi di monitoraggio e/o controllo. Purtroppo, an- che questo servizio rappresenta una minaccia per la privacy gli utenti finali: infatti, ricercatori hanno dimostrato come le informazioni sul consumo energetico possano essere utilizzate in modo malevolo per inferire informazioni sensibili, come la presenza fisica di un utente in casa, o il tipo di elettrodomestici che utilizza. Presentiamo la nostra soluzione a questo problema, la quale permette allo stesso tempo agli utenti di condividere misurazioni in modo anonimo, e al gestore di energia elettrica di effettuare agevolmente la raccolta dei dati di consumo. Infine, in questa parte della tesi presentiamo la nostra soluzione per garantire "private information fusion" in servizi basati su sistemi multi-agente. In tali sistemi, dispositivi IoT (agenti) interconnessi tra loro spesso necessitano di combinare osservazioni locali per ottenere un unico valore, ed effettuare una decisione binaria (per esempio, decidere se un valore combinato di temperatura è inferiore ad una soglia data). L'obiettivo è quello di permettere ai vari dispositivi di effettuare tale "fusione", senza dover condividere le loro misurazioni locali in chiaro. La soluzione presentata in questa tesi permette ai dispositivi di raggiungere un consenso in modo decentralizzato, e in presenza di dispositivo "semi-trusted", utilizzando come building block additive blinding e proxy re-encryption, per raggiungere un consenso, mentre garbled circuit per effettuare lo step finale di decisione

Poster: A roaming-based denial of service attack on LTE networks

During the last ten years, mobile communications greatly evolved. Along this process, the main goal was to satisfy users' needs such as coverage, communication speed, and availability. However, less attention has been posed to prevent attacks such as Denial of Service (DoS), which aim to render the mobile network unserviceable. In this paper, we present a novel method to implement a distributed DoS attack on a target mobile operator's Control Network. We exploit the lack of coordination between local and remote components of the LTE network during the roaming authentication process to realize a pulse DoS using temporal lensing. Finally, we discuss the feasibility of our attack on future 5G networks

LineSwitch: Tackling Control Plane Saturation Attacks in Software-Defined Networking.

none4sinoneAmbrosin, Moreno; Conti, Mauro; Gaspari, Fabio De; Poovendran, RadhaAmbrosin, Moreno; Conti, Mauro; Gaspari, Fabio De; Poovendran, Radh

Amplified Distributed Denial of Service Attack in Software Defined Networking

none4sinoneAmbrosin, Moreno; Conti, Mauro; Gaspari, Fabio De; Devarajan, NishanthAmbrosin, Moreno; Conti, Mauro; Gaspari, Fabio De; Devarajan, Nishant